This article describes an LDAPS negotiation failure with TLS 1.0 after an upgrade to v7.4.3.
The following debug logs are seen when LDAPS negotiation fails:
(Can't contact LDAP server)
error:0A000102:SSL routines::unsupported protocol
ldap_simple_bind_s: (Can't contact LDAP server)
error:0A000102:SSL routines::unsupported protocol
ldap_simple_bind_s: (Can't contact LDAP server)
error:0A000102:SSL routines::unsupported protocol
ldap_simple_bind_s: (Can't contact LDAP server)
error:0A000102:SSL routines::unsupported protocol
ldap_simple_bind_s: (Can't contact LDAP server)
error:0A000102:SSL routines::unsupported protocol
ldap_simple_bind_s: (Can't contact LDAP server)
ldap_simple_bind_s: (Can't contact LDAP server)
ldap_simple_bind_s: (Can't contact LDAP server)
ldap_simple_bind_s: (Can't contact LDAP server)
ldap_simple_bind_s: (Can't contact LDAP server)
Scope
FortiADC v7.4.3
Solution
This happens because OpenSSL was upgraded to v3.x, and TLS 1.0 was disabled by default as part of the OpenSSL upgrade.
Upgrading to v7.4.5 or 7.6.0 allows LDAPS negotiation to succeed with TLS 1.0.
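
To confirm that a failed LDAPS bind matches this issue rather than a certificate or connectivity problem, the following added example (not part of the original article and not Fortinet code) decodes the OpenSSL 3.x error code found in the debug output and counts the affected binds. The function names and the sample log lines are assumptions constructed for illustration.

```python
import re

# OpenSSL 3.x packs an error code as (library << 23) | reason.
ERR_LIB_OFFSET, ERR_LIB_MASK, ERR_REASON_MASK = 23, 0xFF, 0x7FFFFF
ERR_LIB_SSL = 20                   # libssl
SSL_R_UNSUPPORTED_PROTOCOL = 258   # 0x102

# error:<8 hex digits>:<library name>:<function, empty in 3.x>:<reason text>
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")
BIND_FAIL = "ldap_simple_bind_s: (Can't contact LDAP server)"


def decode_openssl_error(hex_code):
    """Split an OpenSSL 3.x packed error code into (library, reason)."""
    code = int(hex_code, 16)
    return (code >> ERR_LIB_OFFSET) & ERR_LIB_MASK, code & ERR_REASON_MASK


def triage(lines):
    """Count bind failures and classify the OpenSSL errors logged with them."""
    summary = {"bind_failures": 0, "unsupported_protocol": 0, "other_tls_errors": 0}
    for line in lines:
        if BIND_FAIL in line:
            summary["bind_failures"] += 1
        match = ERR_RE.search(line)
        if not match:
            continue
        lib, reason = decode_openssl_error(match.group(1))
        if lib == ERR_LIB_SSL and reason == SSL_R_UNSUPPORTED_PROTOCOL:
            summary["unsupported_protocol"] += 1
        else:
            summary["other_tls_errors"] += 1
    if summary["unsupported_protocol"]:
        summary["verdict"] = "TLS protocol version rejected"
    elif summary["bind_failures"]:
        summary["verdict"] = "bind failed, no TLS version error logged"
    else:
        summary["verdict"] = "no LDAPS failure found"
    return summary


# Constructed sample, modelled on the debug output quoted in this article.
SAMPLE = [
    "ldap_simple_bind_s: (Can't contact LDAP server)",
    "error:0A000102:SSL routines::unsupported protocol",
    "ldap_simple_bind_s: (Can't contact LDAP server)",
    "error:0A000102:SSL routines::unsupported protocol",
    "ldap_simple_bind_s: (Can't contact LDAP server)",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A verdict of "TLS protocol version rejected" means the bind failed during protocol version negotiation, which is the symptom this article covers; any other verdict points to a different cause.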